Threat/Vulnerability Management, Lead

Company Overview:

Cohere Health is a fast-growing clinical intelligence company that’s improving lives at scale by promoting the best patient-specific care options, using leading edge AI combined with deep clinical expertise. In only four years our solutions have been adopted by health insurance plans covering over 15 million people, while our revenues and company size have quadrupled.  That growth combined with capital raises totaling $106M positions us extremely well for continued success. Our awards include: 2023 and 2024 BuiltIn Best Place to Work, Top 5 LinkedIn™ Startup, TripleTree iAward, multiple KLAS Research Points of Light, along with recognition on Fierce Healthcare's Fierce 15 and CB Insights' Digital Health 150 lists.

Opportunity Overview:

We are seeking a seasoned Security Architect to lead and enhance our Threat and Vulnerability Management (TVM) program, ensuring it aligns with internal policies and HIPAA/HITRUST compliance requirements. The Security Architect will be responsible for designing and maintaining the overarching security architecture, conducting vulnerability assessments, and collaborating with various teams to address security issues. This role will involve working closely with developers, system administrators, and senior leadership to protect our digital assets and ensure a robust security posture.

Last but not least: People who succeed here are empathetic teammates who are candid, kind, caring, and embody our core values and principles. We believe that diverse, inclusive teams make the most impactful work. Cohere is deeply invested in ensuring that we have a supportive, growth-oriented environment that works for everyone.

What you will do:

• Threat and Vulnerability Management (TVM) Program:
• Lead a comprehensive TVM program, ensuring it meets internal standards and complies with HIPAA/HITRUST requirements.
• Conduct regular vulnerability scans using automated tools in a cloud-first environment, identifying vulnerabilities and assessing potential impacts.
• Vulnerability Analysis and Prioritization:
• Analyze vulnerability scan results, prioritize vulnerabilities based on risk, threat intelligence, and potential business impact.
• Gather and analyze threat intelligence to proactively identify and mitigate threats, providing actionable insights to the relevant teams.
• Collaboration and Remediation:
• Collaborate with development teams, system administrators, and other stakeholders to ensure timely remediation of identified vulnerabilities and threats.
• Lead remediation efforts, providing guidance and expertise to developers and system administrators.
• Review and collaborate with developers to remediate Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) findings.
• Incident Response and Reporting:
• Participate in incident response efforts related to vulnerabilities, assisting in the investigation and mitigation of security incidents.
• Assist in the creation and maintenance of vulnerability management reports and metrics, providing clear and concise updates to stakeholders.
• Report TVM program results and insights to Senior Leadership, highlighting key findings, risks, and progress on remediation efforts.
• Security Architecture Design and Maintenance:
• Design and maintain the overarching security architecture for the organization, ensuring it aligns with policies and compliance requirements, including HIPAA/HITRUST.
• Develop and implement security Identity Access Management (IAM) and Privileged Access Management (PAM) solutions
• Collaborate with development teams to ensure security architecture requirements are integrated into the software development lifecycle and adhered to throughout the project lifecycle.
• Threat Modeling and Risk Assessments:
• Conduct threat modeling and risk assessments to identify potential security threats and vulnerabilities.
• Define security architecture requirements and implement security hardening measures to protect systems and data.
• Security Tools Deployment and Management:
• Deploy and manage security tools and technologies, ensuring they are effectively integrated into the organization's security infrastructure.
• Stay abreast of the latest security technologies and best practices, recommending and implementing improvements as needed.
• Incident Response and Disaster Recovery Planning:
• Participate in incident response and disaster recovery planning, ensuring the organization's readiness to respond to and recover from security incidents

• Your background & requirements:
• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
• 5+ years of experience in a security architecture or similar role, with a focus on vulnerability management and compliance.
• Working knowledge of MITRE ATT&CK framework and D3FEND matrix
• Strong knowledge of HIPAA/HITRUST requirements and cloud-first security practices.
• Proficiency in vulnerability scanning tools and techniques, as well as experience in SAST/DAST.
• Demonstrated experience in threat intelligence gathering and analysis
• Demonstrated expertise in security tools and technologies, including SIEM, IDS/IPS, WAF, IAM and vulnerability assessment tools.
• Strong problem-solving and analytical skills, with the ability to prioritize and manage multiple projects simultaneously.
• Excellent communication and collaboration skills, with experience working closely with development teams and senior leadership.
• Relevant certifications such as CEH, GCIH, ISSAP, CISSP, or similar are preferred.
• Commitment to staying updated on the latest developments in cloud security and a proactive approach to continuous learning.

We can’t wait to learn more about you and meet you at Cohere Health!

Equal Opportunity Statement: 

Cohere Health is an Equal Opportunity Employer. We are committed to fostering an environment of mutual respect where equal employment opportunities are available to all.  To us, it’s personal.

The salary range for this position is $130,000 to $155,000; as part of a total benefits package which includes health insurance, 401k and bonus. In accordance with state applicable laws, Cohere is required to provide a reasonable estimate of the compensation range for this role. Individual pay decisions are ultimately based on a number of factors, including but not limited to qualifications for the role, experience level, skillset, and internal alignment.

#LI-Remote

#BI-Remote